Jump to content

Are deleted registry entries really gone?


login123

Recommended Posts

I came across a reference to the possibility of recovering a deleted registry key. 

Never had heard of it, thought regediting was irreversible, deleted entries were just gone, period. 

 

Got curious, found a tool called YARU (Yet Another Registry Utility) which finds registry keys that have been deleted.

It doesn't seem to be a competitor w/ CCleaner, as it just allows viewing the registry and maybe editing (haven't tried that). 

 

It works, on this computer it found some old registry keys associated with Realplayer which I had deleted some time ago.  No other software I've tried can find them. 

 

So I wonder, are they like a regular file, marked as gone but not really gone? 

When we delete them "normally" what happens, are they kept, if so where & for how long?

And a larger question, what else does windows squirrel away and pretend it's gone. 

 

Be careful.  Editing the registry is dangerous.  YARU is not very intuitive, little available in the way of help documentation. Usually editing the registry is harmless or fatal, not much in between. 

 

Still, if you want to check it out, some information about YARU and a link to a free version can be found here:

http://www.downloadcrew.com/article/24338-yaru_32-bit
or

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites

Forgot the link to the 64 bit version.  The newer versions are apparently not free.

http://www.downloadcrew.com/article/24339-yaru_64-bit

Thanks for the kind words, Hazelnut. 

This may be another momentous dicovery that everybody already knew about.  :P

But I sure didn't. Going to learn what I can now, though. 

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites

  • Moderators

Some registry values aren't easy to delete, for instance I've seen many jumbled together into a seemingly un-editable area (sorry can't remember it off the top of my head - but it isn't like anyone should play with it either). I've seen where folder locations are referenced, etc., and I've never seen any registry cleaner find them as invalids and tools like RegEdit won't find them in a search.

Link to comment
Share on other sites

Andavari I have seen that same area, don't remember where either.  For sure didn't want to tinker around with it. 

 

Not much information out there about deleted registry entries, even after these many years.  Google, DuckDuckGo and I are still looking. 

There is a forensic software called Encase that apparently can find lots of stuff you thought was gone, including deleted registry entries, but it is very expensive.

 

Makes you wonder, what else is secretly kept somewhere?  

Why is windows so obsessively retentive? 

Who knew there was unallocated space in the registry? 

Who knows any of this stuff?  :ph34r::P

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites

  • Moderators

I remember now, those keys are called "String Value" like when you right click and create New->String Value in the registry, and when you right click them and select "Modify Binary Data" that's when you'll see all the stuff they can contain - I once saw one that had allot of stored data for a removed antivirus software.

 

Those can have all sorts of paths stored in them that registry cleaners, etc., ignore if invalid. And if you try to modify them it usually ends up messing them up.

 

See screenshot:

post-26-0-16394700-1416003749_thumb.png

Edited by Andavari
Link to comment
Share on other sites

I remember now, those keys are called "String Value" like when you right click and create New->String Value in the registry, and when you right click them and select "Modify Binary Data" that's when you'll see all the stuff they can contain - I once saw one that had allot of stored data for a removed antivirus software.

 

Those can have all sorts of paths stored in them that registry cleaners, etc., ignore if invalid. And if you try to modify them it usually ends up messing them up.

 

See screenshot:

attachicon.gifHiddenStuffInTheWindowsRegistry.png

Mother - "Stop picking at it!" :lol:

Link to comment
Share on other sites

There is some information about this issue, some of it quite old actually, mostly in forensic circles.

Haven't found much in the way of apps that work, mostly theoretical papers. 

Still reading. 

It all reinforces what has been said here all along, if the hard drive might have sensitive data destroy it. 

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites

  • Moderators

As far as the "unallocated/fragmented space" in the registry there's those registry compacter/defragger tools which are suppose to "defrag" it as they say, I personally use one of them two to three times per year on this old XP system and it has never caused a problem. Note that I've noticed Windows will sometimes do that "defrag" itself.

Link to comment
Share on other sites

On 15/11/2014 at 07:21, Andavari said:

. . . , I personally use one of them two to three times per year on this old XP system and it has never caused a problem. Note that I've noticed Windows will sometimes do that "defrag" itself.

 

Thanks. 

Just tried FRD, it worked fast and would have compacted the registry somewhat, except that it requires a restart.

Not sure what FRD was going to do but it went beyond just deleting the unallocated space I think.

 

...

 

As far as I could tell there was no way to avoid the restart, or do it later.  I closed the window and off it went.  :)

Soooo, Powershadow discarded the changes. 

 

Some of the stuff i have recently read suggests that NTREGOPT by Lars Herder will also do this. 

I haven't tried it.  Have you? 

 

Might try FRD later, since you said it caused no harm, but probably will stay w/ CCleaner, since I am a big registry scaredy-cat. 

Thanks again

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites

  • Moderators

I've tried NTREGOPT, all those registry compactor's/defragger's do the same thing - the difference in them is mostly where they create the backup files usually with the .bak extension should they ever goof up, I always create an ERUNT registry backup before compacting the registry.

 

All of them I've tried require a reboot so that the new compacted registry can be used.

Link to comment
Share on other sites

Thanks nodles.  Sounds like it might remove that registry slack space. 

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites

  • Moderators

Sounds like it might remove that registry slack space. 

 

"Slack/Unallocated/Empty" space they'll all do fine to remove, that is until you immediately start your computer it will begin to create empty space all over again. Empty space can quickly grow the registry size after installing and uninstalling software, and after a large amount of several Microsoft Updates.

Link to comment
Share on other sites

Tried the portable nodles.  Showed about 1.05 mb to remove. 

Thanks to all for the feedback. 

I suspected (and hoped) that you guys were way ahead of me on this issue. 

 

From here on I'll just assume that windows remembers pretty much everything. 

 

Looks like the only way to be sure a HDD is cleaned is Thermite.  :P

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites

  • Moderators

Looks like the only way to be sure a HDD is cleaned is Thermite.  :P

 

Windows creates and keeps so much rubbish, that's why wiping free space isn't enough if selling off a computer since a format and reinstall of the OS will create a brand new registry.

Link to comment
Share on other sites

I should elaborate on the Thermite comment, lest the good folks here take it as a slight. 

 

For my purposes, CCleaner does just fine, it removes the "stuff" that might slow up this computer, and much of the residual stuff also.  That's all I need. 

 

For professional folks such as doctors, lawyers, accountants, etc., the only safe course is to replace the hard drive, it seems. 

 

I wonder if it is safe to trust even the dedicated wiper softwares like DBAN? 

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites

  • Moderators

I wonder if it is safe to trust even the dedicated wiper softwares like DBAN? 

 

I personally wouldn't worry, however I've never had financial or private information stored on my computer for anyone to revive and steal.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.